The recent Equifax breach was a noteworthy calamity within a tidal wave of calamitous events. This is a truly an ignominious milestone because the tidal wave also includes the catastrophic Office of Personnel Management (OPM) breach exposing national security information of countless citizens (including this author), the YAHOO breach, Target breach, Uber, and countless others. There is absolutely no question that something drastic must be done in order to finally ensure Americans data will be kept safe. However, in a rush to finally feel as though we are being proactive, we must not sprint blindly into a bad policy decision.
A classic American response to complex problems is to ignore them until they can no longer be ignored. Then, and only then, do we spring to action with a “fix” that often makes things worse. My favorite example is the Dodd/Frank legislation that was rushed through Congress following the 2008 Great Recession as a way for Congress to convince the nation that it was’ on top of the situation.’ However, we are now struggling with how best to undue much of the problematic aspects of ill-conceived legislation.
We are now witnessing history repeating itself. In a rush to take up the mantle of ‘defending the American people’, Senators Warren (D-MA) and Schatz (D-HI) have introduced the Freedom from Equifax Exploitation Act (FREE Act). Instead of protecting Americans, it sets the stage for a massive power grab by the Consumer Finance Protection Bureau (CFPB) – an agency Senators Lee and Sasse have called the most egregious example of an unaccountable executive agency – and creates a set of unforeseen problems for consumers, such as increasing the costs for consumers to receive and manage their personal credit. This will have a cascading set of problems for industries dependent upon consumer credit, such as the auto and appliance industries.
By and large, the application of onerous new regulation to a policy problem leads to more problems then the actual issue it was designed to fix. We have seen this with Dodd/Frank and many other ill-conceived legislative ‘fixes.’ Over regulating the credit markets will not protect our citizens and will lead to increased costs and bureaucratic hurdles for the consumer. However, doing nothing is also not an option.
The Commonwealth of Pennsylvania has also proposed its own bipartisan legislation to deal this issue on the state level. PA House bill 1847 takes a measured and balanced approach to regulating credit agencies, a model that can be used to promulgate more effective national legislation. The bill gives consumers free credit monitoring following a breach and up to three free credit reports for a year following a breach. These costs will be born by the agency that allowed the breach while agencies that are not guilty will not be affected. Furthermore, consumers affected by a breach must be notified within 45 days of an event. This, coupled with various reporting requirements for credit agencies, creates a consumer-friendly environment without overly regulating the credit sector, which is crucial to maintaining an economic recovery.
Justice Louis Brandeis famously called states the “laboratories of democracy” and here we see a great example of his philosophy. The Commonwealth of Pennsylvania deserves credit for crafting common-sense and balanced legislation. National lawmakers in the House and Senate should take note and apply these principles to their own legislative efforts.